EP2649740B1 - Enabling and disabling integrity protection for data radio bearers - Google Patents

Info

Publication number
EP2649740B1
Authority
EP
European Patent Office
Prior art keywords
integrity protection
node
receiving node
reconfiguration message
connection reconfiguration
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP11799199.2A
Other languages
German (de)
French (fr)
Other versions
EP2649740A2 (en)
Inventor
Jessica ÖSTERGAARD
Gunnar Mildh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Application filed by Telefonaktiebolaget LM Ericsson AB
Priority to PL11799199T (PL2649740T3)
Publication of EP2649740A2
Application granted
Publication of EP2649740B1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00: Arrangements for detecting or preventing errors in the information received
    • H04L1/12: Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16: Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/1607: Details of the supervisory signal
    • H04L1/1685: Details of the supervisory signal the supervisory signal being transmitted in response to a specific request, e.g. to a polling signal

Definitions

  • a method in a receiving node of a wireless communications system for enabling and disabling integrity protection of at least one data radio bearer between a sending node and the receiving node comprises, following a successful connection re-establishment between the sending node and the receiving node, receiving a connection reconfiguration message from the sending node.
  • the connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  • the method further comprises enabling integrity protection of packets on the at least one data radio bearer indicated by the indicator, and disabling integrity protection of packets on the rest of the at least one data radio bearers.
  • a sending node for a wireless communications system is provided.
  • the sending node is configured to support enabling and disabling of integrity protection of at least one data radio bearer between the sending node and a receiving node.
  • the sending node comprises a transmitter configured to transmit a connection reconfiguration message to the receiving node following a successful connection re-establishment between the sending node and the receiving node.
  • the connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  • a receiving node for a wireless communications system is provided.
  • the receiving node is configured to enable and disable integrity protection of at least one data radio bearer between a sending node and the receiving node.
  • the receiving node comprises a receiver configured to receive a connection reconfiguration message from the sending node following a successful connection re-establishment between the sending node and the receiving node.
  • the connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  • the receiving node also comprises a processing unit configured to enable integrity protection of packets on the at least one data radio bearer indicated by the indicator, and to disable integrity protection of packets on the rest of the at least one data radio bearers.
  • An advantage of embodiments is that it makes it possible to enable and disable integrity protection of an ongoing DRB not only at handover but also at RRC connection re-establishment.
  • Embodiments are described in a non-limiting general context in relation to an LTE network applying integrity protection of a DRB between a RN and a UE. However, it should be noted that the embodiments may also be applied to other types of radio access networks where integrity protection of DRBs is used.
  • the technology below is described in the context of RNs connecting to a DeNB, the technology may also be used in other scenarios when integrity protection is used, e.g., for UEs connecting to a normal base station, such as an eNB and a Node B.
  • a DeNB transmits a message to a RN for a reconfiguration of the connection directly following a successful connection reestablishment between the DeNB and the RN, and where the message comprises an indicator which indicates which one of the DRBs that shall have enabled integrity protection.
  • the RN can then enable and disable the integrity of the DRBs according to the indicator, when they are resumed after the re-establishment.
  • This solution makes it possible to enable or disable the integrity protection of DRBs at RRC connection re-establishment without introducing additional complexity related to handling of the data transmissions on the DRB. All data transmissions are suspended during the RRC re-establishment period which means that the receiver can determine if a packet was sent prior to or after the integrity protection enabling or disabling.
  • the technology also allows lossless packet delivery during the reconfiguration of integrity protection because the DRB is not released.
  • the integrity protection of a DRB may thus be changed at RRC connection reestablishment, which means that the integrity protection of a DRB may be changed at times other than at DRB setup and at handover.
  • RRC connection re-establishment may occur, for example, when the RN experiences a radio link failure which may be due to various problems with the radio link.
  • RRC connection reestablishment may occur when the RN loses synchronization of the overflow counter, when the RN fails to verify the integrity of incoming packets, or when the RN fails to implement an RRC connection reconfiguration.
  • three non-limiting example scenarios where it may be beneficial to enable or disable integrity protection on one or more DRBs are described, also including the signaling during the reestablishment. These three scenarios are described to illustrate the technology and some advantages of it.
  • Scenario 1 In this scenario it is assumed that integrity protection is applied for a DRB but the RN and the DeNB lose synchronization of their overflow counters, e.g. due to too many packet losses. The integrity protection of the packets on the DRB will therefore fail. This failure may potentially cause the RN to perform an RRC connection re-establishment. At the time of re-establishment, it may be desirable for the DeNB to be able to switch off the integrity protection of this DRB in order to avoid further reestablishment attempts from the RN. By avoiding re-establishment attempts from the RN, control is given to the DeNB to solve the error case where the overflow counter synchronization is lost.
  • Scenario 2 In this scenario it is assumed that an "attacker" is trying to manipulate the packets on the link between the RN and the DeNB.
  • the RN may detect that some packets are modified, e.g., by detecting a jump in the SN, or unlikely values used for some protocol fields. This may trigger an RRC connection reestablishment.
  • the DeNB may enable integrity protection of some DRBs for extra security against the attack.
  • Scenario 3 In this scenario it is assumed that a re-establishment occurs towards a DeNB cell with different support for DRB integrity protection than the previous DeNB cell had. For example, if a RN with all its DRB configured with integrity protection experiences a radio link failure in a DeNB cell 1, the RN may try to re-establish its RRC connection against a DeNB cell 2. This DeNB cell 2 may not support DRB integrity protection at all, or it may not have the processing capability to support integrity protection on all RN DRBs. Without the possibility to disable integrity protection at a re-establishment, the DeNB cell 2 must then reject the RRC reestablishment attempt or reject the DRBs that it cannot handle.
  • the DeNB cell 2 may only support integrity protected DRBs from a RN, and may then only accept the RRC re-establishment request if it may configure the integrity protection on the DRBs.
  • RRC re-establishment with change of integrity protection During the RRC connection re-establishment procedure in E-UTRAN, all DRBs are suspended. To resume the DRBs, an RRC connection reconfiguration is performed. The DeNB transmits an indication for each DRB in the first RRC connection reconfiguration message after the RRC connection re-establishment. The indication indicates if integrity protection performed at transmission, and integrity verification performed at reception should be applied for that DRB. When the RN receives an indication that integrity protection/verification should be applied for a given DRB, the RN applies integrity protection/verification for all subsequent packets on this DRB.
  • Integrity protection/verification is applied until either the DRB is released or the RN receives further indications that it should stop performing integrity protection/verification, e.g., at handover or at a further RRC connection re-establishment.
  • the indication of integrity protection may e.g. be of the same kind as the corresponding indication sent to change the integrity protection at handover.
  • The RRC connection re-establishment procedure in E-UTRAN is illustrated in Figures 4a and 4b.
  • Figure 4a illustrates a successful RRC connection re-establishment
  • Figure 4b illustrates an unsuccessful RRC connection reestablishment.
  • an RRCConnectionReestablishmentRequest is transmitted, in S41, by the UE 403 to the E-UTRAN 401.
  • E-UTRAN returns an RRCConnectionReestablishment message in S42, and the UE responds with RRCConnectionReestablishmentComplete in S43. The connection reestablishment is thus successful.
  • Figure 4b shows the interaction between the UE 403 and the E-UTRAN 401.
  • Figures 4a and 4b may be interpreted as an illustration of the signaling between an RN and its DeNB during an RRC connection re-establishment procedure.
  • the UE 403 may thus be replaced by the RN, and the E-UTRAN 401 by the DeNB.
  • An RRC connection re-establishment request only succeeds if the cell (denoted E-UTRAN in the figures) is prepared for it, meaning that it has a valid UE context for the UE trying to re-establish its RRC connection. This means that the cell knows the DRB configuration of the UE trying to perform an RRC re-establishment. After successful completion of the RRC connection re-establishment procedure, all DRBs are suspended. To resume the DRBs, an RRC connection reconfiguration is sent as illustrated in Figure 5. The connection reconfiguration procedure starts when the E-UTRAN 501 sends an RRCConnectionReconfiguration in S51 to the UE 503. The UE replies with an RRCConnectionReconfigurationComplete in S52.
  • Figure 5 shows the interaction between the UE 503 and the E-UTRAN 501.
  • Figure 5 may be interpreted as an illustration of the signaling between the RN and the DeNB during the RRC connection reconfiguration.
  • the UE 503 may thus be replaced by the RN, and the E-UTRAN 501 by the DeNB.
  • RRC connection reconfiguration not illustrated here, which is applicable if the UE or RN is unable to comply with the configuration.
  • the indication of integrity protection is included per DRB, within the RRCConnectionReconfiguration message in S51.
  • connection reconfiguration messages may be envisaged, as long as it is a reconfiguration message that follows upon a connection re-establishment, with the purpose of resuming the DRBs after a suspension due to the re-establishment.
  • the indication of integrity protection allows enabling integrity protection for the DRB, if previously disabled; disabling integrity protection for the DRB, if previously enabled; and keeping integrity protection enabled or disabled, as before the re-establishment and the reconfiguration.
  • the procedure for changing the integrity protection at reestablishment may be the same for all scenarios described above.
  • Figure 6 is a flowchart of a method in the sending node of a wireless communications system for supporting enabling and disabling of integrity protection of one or more DRBs between the sending node and a receiving node.
  • the sending node may be a radio base station
  • the receiving node may be a RN or a UE.
  • the method comprises, following a successful connection re-establishment between the sending node and the receiving node:
  • the transmitted connection reconfiguration message is in one embodiment an RRC connection reconfiguration message following an RRC connection reestablishment.
  • Integrity protection comprises in one embodiment:
  • the verification of the integrity protection checksum comprises calculating an authentication code for integrity based on some input parameters and comparing it with the checksum received in the packet. If they correspond to each other, the verification is successful.
  • Figure 7 is a flowchart of a method in a receiving node of a wireless communications system for enabling and disabling integrity protection of one or more DRBs between a sending node and the receiving node.
  • the sending node may be a radio base station
  • the receiving node may be a RN or a UE.
  • the method comprises, following a successful connection re-establishment between the sending node and the receiving node:
  • connection reconfiguration message is in one embodiment an RRC connection reconfiguration message following an RRC connection reestablishment.
  • Integrity protection comprises in one embodiment:
  • a sending node 800 and a receiving node 850 for a wireless communications system are schematically illustrated in the block diagram in Figure 8a according to embodiments.
  • the receiving node may be a RN or a UE.
  • the sending node may be a radio base station.
  • the sending node 800 is configured to support enabling and disabling of integrity protection of one or more DRBs between the sending node and the receiving node 850.
  • the sending node comprises a transmitter 801 configured to transmit a connection reconfiguration message to the receiving node following a successful connection re-establishment between the sending node and the receiving node.
  • the connection reconfiguration message comprises an indicator indicating which ones of the DRBs that shall have enabled integrity protection.
  • the transmitter 801 is connected to an antenna 803 via an antenna port. However, there may be more than one antenna and/or antenna ports.
  • the transmitted connection reconfiguration message is an RRC connection reconfiguration message following an RRC connection reestablishment.
  • Integrity protection comprises in one embodiment:
  • the receiving node 850 illustrated in Figure 8a is configured to enable and disable integrity protection of one or more DRBs between the sending node 800 and the receiving node.
  • the receiving node comprises a receiver 851 configured to receive a connection reconfiguration message from the sending node following a successful connection re-establishment between the sending node and the receiving node.
  • the connection reconfiguration message comprises an indicator indicating which ones of the DRBs that shall have enabled integrity protection.
  • the receiver 851 is connected to an antenna 853 via an antenna port. However, there may be more than one antenna and/or antenna ports.
  • the receiving node also comprises a processing unit 852 configured to enable integrity protection of packets on the DRBs indicated by the indicator, and to disable integrity protection of packets on the rest of the DRBs.
  • the received connection reconfiguration message is in one embodiment an RRC connection reconfiguration message following an RRC connection re-establishment. Integrity protection comprises in one embodiment:
  • the units described above with reference to Figure 8a may be logical units, separate physical units or a mixture of both logical and physical units.
  • Figure 8b schematically illustrates an embodiment of the receiving node 850, which is an alternative way of disclosing the embodiment illustrated in Figure 8a.
  • the receiving node 850 comprises a receiver 851 connected to an antenna 853 via an antenna port, as already described above with reference to Figure 8a.
  • the receiving node 850 also comprises a Central Processing Unit (CPU) 855 which may be a single unit or a plurality of units.
  • the receiving node 850 comprises at least one computer program product 856 in the form of a non-volatile memory, e.g. an EEPROM (Electrically Erasable Programmable Read-Only Memory), a flash memory or a disk drive.
  • the computer program product 856 comprises a computer program 857, which comprises code means which when run on the receiving node 850 causes the CPU 855 on the receiving node 850 to perform steps of the procedure described earlier in conjunction with Figure 7.
  • the code means in the computer program 857 of the receiving node 850 comprises a module 857a for enabling integrity protection of packets on the DRB indicated by the indicator received in the connection reconfiguration message, and a module 857b for disabling integrity protection on the rest of the DRBs.
  • the code means may thus be implemented as computer program code structured in computer program modules.
  • the modules 857a and 857b essentially perform the steps 720 and 730 of the flow in Figure 7 to emulate the receiving node 850 described in Figure 8a. In other words, when the modules 857a and 857b are run on the CPU 855, they correspond to the processing unit 852 of Figure 8a.
  • circuitry configured to perform one or more described actions is used herein to refer to any such embodiment (i.e., one or more specialized circuits and/or one or more programmed processors).
  • the technology can additionally be considered to be embodied entirely within any form of computer-readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Description

    TECHNICAL FIELD
  • The technology relates to receiving and sending nodes of a wireless communications system, and in particular, to wireless communications systems with a capability to protect the integrity of data transmissions over a data radio bearer between the receiving and sending nodes.
    BACKGROUND
  • Figure 1 shows a cellular communication system with a serving node 101 that serves a user equipment (UE) 103 located within the serving node's geographical area of service, called a cell 105. Depending on the system, the serving node 101 may e.g. be a base station, a Node B, or an evolved Node B (eNodeB or eNB). Hereinafter, the serving node 101 will be referred to as an eNB in the non-limiting example of a long term evolution (LTE) system. Communication is bidirectional between the eNB 101 and the UE 103. Communications from the eNB 101 to the UE 103 are referred to as taking place in a downlink direction, whereas communications from the UE 103 to the eNB 101 are referred to as taking place in an uplink direction.
  • Relay nodes may also be used in a wireless communications system. Figure 2 illustrates a relay node (RN) 204 with a service area or cell 207, the RN 204 communicating with a donor eNB (DeNB) 202 with a service area or cell 206, and one or several UEs 203 located within the RN's cell 207. Transmissions between UE 203 and RN 204 are done over a radio interface denoted Uu, which is the same as for regular eNB to UE communication, so from a UE perspective the RN appears as a regular eNB. Transmissions between the RN 204 and the DeNB 202 are made over a radio interface denoted Un, which reuses much of the functionality of the Uu interface. This means that the DeNB 202 handles the RN 204 as a UE, using similar protocols as when communicating with a UE with some additions.
  • To function as an eNB in an LTE system, the RN 304 has an S1 interface setup towards the core network with the mobility management entity (MME) and/or service gateway (SGW) 308, which is proxied in the DeNB 302. The RN 304 may also have an X2 interface setup towards other eNBs 301, in which case the X2 interface is proxied in the DeNB 302. The architecture is shown in Figure 3. The eNBs 301, the DeNBs 302, and the RN 304 are all part of the evolved universal terrestrial radio access network (E-UTRAN) 300, which is the radio network of the LTE system.
  • The 3GPP LTE Rel-10 work item description for a relay or RN includes the following characteristics. First, a RN controls cells 207 (see illustration in Figure 2), each of which appears to a UE as a separate cell distinct from the DeNB cell 206. Second, those RN controlled cells have their own Physical Cell IDs as defined in LTE Rel-8, and the RN transmits its own synchronization channels and reference symbols. Third, the UE receives scheduling information and hybrid automatic repeat request (HARQ) feedback directly from the RN and sends its control channel information such as scheduling requests (SR), channel quality index (CQI), and acknowledgements (ACK) to the RN. Fourth, there should preferably not be any UE impact from the RN functionality so that legacy LTE UEs can be served by the RN cell 207.
  • It is desirable to support integrity protection of RN signaling and/or data between the RN and DeNB. One option is to implement this integrity protection in the packet data convergence protocol (PDCP) layer described in the 3GPP specifications as a relay-specific functionality in the PDCP layer. In such a case, the setup and configuration of the integrity protection will be done by the RRC protocol. The enabling and disabling of PDCP integrity protection - sometimes also referred to as activation and disabling of integrity protection - may be made per data radio bearer (DRB), meaning that not all DRBs would necessarily be configured to use integrity protection at a given time.
  • Integrity protection in PDCP may use a unique sequence number (SN) as input to the integrity protection algorithm for every packet that is protected. This makes the integrity verification code different even for identical packets sent at different times on the same DRB as they have different SN. The complete SN used as input for integrity protection, such as a COUNT value, may not be transmitted with every packet in order to avoid unnecessary overhead. Instead, only a part of the least significant bits of this SN value - typically 7 or 12 bits which are called a PDCP SN - are transmitted in each packet. The transmitter and receiver then implicitly keep track of the remaining bits of the complete sequence number, i.e. the 25 or 20 bits that are called overflow counter or hyper frame number. This requires that the receiver increments the overflow counter every time the PDCP SN wraps around, e.g., goes from a count value 1111111 -> 0000000.
  • In prior art it is proposed to support enabling of integrity protection at DRB setup. However, the proposal only allows the possibility to change the integrity protection, i.e. enable or disable the integrity protection, for an ongoing bearer at a handover. Changing the integrity protection of a DRB during normal operation is deemed too complex since it is difficult to coordinate the change of integrity protection with the ongoing traffic on the DRB, e.g., due to re-transmissions, which may result in some packets being protected and others not. One concern is that this may make it difficult for the receiver to know if integrity protection has been applied to a given packet or not.
  • According to the proposal, it is thus only possible to enable or disable the integrity protection at initial DRB setup, at handover, or by releasing the DRB and setting up a new DRB to carry the traffic. The new bearer may be configured with or without integrity protection depending on what is desired, independently of the configuration of the previous DRB. However, releasing and setting up a new bearer is a complex procedure which also introduces a delay. Furthermore, there is no support for lossless and duplicate-free data delivery since packets related to the old DRB, which may have been transmitted by the transmitter but so far not received by the receiver, will be discarded by the radio protocols when the old DRB is released.
  • A possible solution to the problem of losing packets when releasing and setting up a new DRB is to trigger an intra-cell handover to enable or disable integrity protection for an ongoing DRB. However, performing an intra-cell handover only for the sake of enabling or disabling the integrity protection of one or more DRBs causes unnecessary data transfer interruption which introduces delays, as well as unnecessary load on the random access channel since a random access procedure is always part of a handover. Furthermore, an intra-cell handover is an unnecessarily complex solution.
  • Another possible way to support enabling or disabling of integrity protection of a DRB during normal operation in prior art is to include an indication in the PDCP header indicating if integrity protection is applied to a given packet. This however introduces additional overhead in the PDCP header and could potentially be abused by an "attacker", which may manipulate a packet which is integrity-protected by changing the indication in the PDCP header to say that it is not protected.
  • Document "3rd Generation Partnership Project;Technical Specification Group Services and System Aspects;3GPP System Architecture Evolution (SAE);Security architecture(Release 9)", 3GPP DRAFT; 33401-950, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), discloses a reconfiguration of integrity protection for radio bearers at the initial setup or after handover.
  • SUMMARY
  • It is therefore an object to address some of the problems outlined above, and to allow for reconfiguration of integrity protection of a DRB other than at initial DRB setup and handover, without losing any packets and adding any complexity and/or delays. This object and others are achieved by the methods and the sending and receiving nodes according to the independent claims, and by the embodiments according to the dependent claims.
  • In accordance with a first embodiment, a method in a sending node of a wireless communications system for supporting enabling and disabling of integrity protection of at least one data radio bearer between the sending node and a receiving node is provided. The method comprises, following a successful connection reestablishment between the sending node and the receiving node, transmitting a connection reconfiguration message to the receiving node. The connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  • In accordance with a second embodiment, a method in a receiving node of a wireless communications system for enabling and disabling integrity protection of at least one data radio bearer between a sending node and the receiving node is provided. The method comprises, following a successful connection re-establishment between the sending node and the receiving node, receiving a connection reconfiguration message from the sending node. The connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection. The method further comprises enabling integrity protection of packets on the at least one data radio bearer indicated by the indicator, and disabling integrity protection of packets on the rest of the at least one data radio bearers.
  • In accordance with a third embodiment, a sending node for a wireless communications system is provided. The sending node is configured to support enabling and disabling of integrity protection of at least one data radio bearer between the sending node and a receiving node. The sending node comprises a transmitter configured to transmit a connection reconfiguration message to the receiving node following a successful connection re-establishment between the sending node and the receiving node. The connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  • In accordance with a fourth embodiment, a receiving node for a wireless communications system is provided. The receiving node is configured to enable and disable integrity protection of at least one data radio bearer between a sending node and the receiving node. The receiving node comprises a receiver configured to receive a connection reconfiguration message from the sending node following a successful connection re-establishment between the sending node and the receiving node. The connection reconfiguration message comprises an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection. The receiving node also comprises a processing unit configured to enable integrity protection of packets on the at least one data radio bearer indicated by the indicator, and to disable integrity protection of packets on the rest of the at least one data radio bearers.
  • An advantage of embodiments is that it makes it possible to enable and disable integrity protection of an ongoing DRB not only at handover but also at RRC connection re-establishment.
  • Other objects, advantages and features of embodiments will be explained in the following detailed description when considered in conjunction with the accompanying drawings and claims.
  • BRIEF DESCRIPTION OF THE DRAWINGS
    • Figure 1 is a schematic illustration of an eNB and a UE in a wireless communications system.
    • Figure 2 is a schematic illustration of a DeNB, a RN and a UE in a wireless communications system.
    • Figure 3 is a schematic illustration of the architecture with DeNB, a RN in a wireless communications system.
    • Figures 4a-b are signalling diagrams illustrating the RRC connection reestablishment procedure.
    • Figure 5 is a signalling diagram illustrating the RRC connection reconfiguration procedure.
    • Figure 6 is a flowchart of the method in the sending node according to embodiments.
    • Figure 7 is a flowchart of the method in the receiving node according to embodiments.
    • Figures 8a-b are block diagrams illustrating the sending and receiving nodes according to embodiments.
  • DETAILED DESCRIPTION
  • In the following, different aspects will be described in more detail with references to certain embodiments and to accompanying drawings. For purposes of explanation and not limitation, specific details are set forth, such as particular scenarios and techniques, in order to provide a thorough understanding of the different embodiments. However, other embodiments that depart from these specific details may also exist.
  • Embodiments are described in a non-limiting general context in relation to an LTE network applying integrity protection of a DRB between a RN and a UE. However, it should be noted that the embodiments may also be applied to other types of radio access networks where integrity protection of DRBs is used.
  • Although the technology below is described in the context of RNs connecting to a DeNB, the technology may also be used in other scenarios when integrity protection is used, e.g., for UEs connecting to a normal base station, such as an eNB and a Node B.
  • The problem of how to allow a reconfiguration of integrity protection for an ongoing DRB without adding complexity and delays, and without losing any data packets, is addressed by a solution where a DeNB transmits a message to a RN for a reconfiguration of the connection directly following a successful connection reestablishment between the DeNB and the RN, and where the message comprises an indicator which indicates which one of the DRBs that shall have enabled integrity protection. The RN can then enable and disable the integrity of the DRBs according to the indicator, when they are resumed after the re-establishment.
  • This solution makes it possible to enable or disable the integrity protection of DRBs at RRC connection re-establishment without introducing additional complexity related to handling of the data transmissions on the DRB. All data transmissions are suspended during the RRC re-establishment period which means that the receiver can determine if a packet was sent prior to or after the integrity protection enabling or disabling. The technology also allows lossless packet delivery during the reconfiguration of integrity protection because the DRB is not released.
  • The integrity protection of a DRB may thus be changed at RRC connection reestablishment, which means that the integrity protection of a DRB may be changed at times other than at DRB setup and at handover. RRC connection re-establishment may occur, for example, when the RN experiences a radio link failure which may be due to various problems with the radio link. Furthermore, RRC connection reestablishment may occur when the RN loses synchronization of the overflow counter, when the RN fails to verify the integrity of incoming packets, or when the RN fails to implement an RRC connection reconfiguration. Hereinafter, three non-limiting example scenarios where it may be beneficial to enable or disable integrity protection on one or more DRBs are described, also including the signaling during the reestablishment. These three scenarios are described to illustrate the technology and some advantages of it.
  • Scenario 1: In this scenario it is assumed that integrity protection is applied for a DRB but the RN and the DeNB lose synchronization of their overflow counters, e.g. due to too many packet losses. The integrity protection of the packets on the DRB will therefore fail. This failure may potentially cause the RN to perform an RRC connection re-establishment. At the time of re-establishment, it may be desirable for the DeNB to be able to switch off the integrity protection of this DRB in order to avoid further reestablishment attempts from the RN. By avoiding re-establishment attempts from the RN, control is given to the DeNB to solve the error case where the overflow counter synchronization is lost.
  • Scenario 2: In this scenario it is assumed that an "attacker" is trying to manipulate the packets on the link between the RN and the DeNB. The RN may detect that some packets are modified, e.g., by detecting a jump in the SN, or unlikely values used for some protocol fields. This may trigger an RRC connection reestablishment. As a consequence of the re-establishment, the DeNB may enable integrity protection of some DRBs for extra security against the attack.
  • Scenario 3: In this scenario it is assumed that a re-establishment occurs towards a DeNB cell with different support for DRB integrity protection than the previous DeNB cell had. For example, if a RN with all its DRB configured with integrity protection experiences a radio link failure in a DeNB cell 1, the RN may try to re-establish its RRC connection against a DeNB cell 2. This DeNB cell 2 may not support DRB integrity protection at all, or it may not have the processing capability to support integrity protection on all RN DRBs. Without the possibility to disable integrity protection at a re-establishment, the DeNB cell 2 must then reject the RRC reestablishment attempt or reject the DRBs that it cannot handle. By allowing reconfiguration of the integrity protection, this problem can instead be solved by accepting the re-establishment attempt and all DRBs, and disabling the integrity protection on the DRBs where it cannot be supported. In another situation, the DeNB cell 2 may only support integrity protected DRBs from a RN, and may then only accept the RRC re-establishment request if it may configure the integrity protection on the DRBs.
  • RRC re-establishment with change of integrity protection: During the RRC connection re-establishment procedure in E-UTRAN, all DRBs are suspended. To resume the DRBs, an RRC connection reconfiguration is performed. The DeNB transmits an indication for each DRB in the first RRC connection reconfiguration message after the RRC connection re-establishment. The indication indicates whether integrity protection, performed at transmission, and integrity verification, performed at reception, should be applied for that DRB. When the RN receives an indication that integrity protection/verification should be applied for a given DRB, the RN applies integrity protection/verification for all subsequent packets on this DRB. Integrity protection/verification is applied until either the DRB is released or the RN receives further indications that it should stop performing integrity protection/verification, e.g., at handover or at a further RRC connection re-establishment. The indication of integrity protection may e.g. be of the same kind as the corresponding indication sent to change the integrity protection at handover.
  • The RRC connection re-establishment procedure in E-UTRAN is illustrated in Figures 4a and 4b. Figure 4a illustrates a successful RRC connection re-establishment, and Figure 4b illustrates an unsuccessful RRC connection re-establishment. In Figures 4a and 4b, an RRCConnectionReestablishmentRequest is transmitted, in S41, by the UE 403 to the E-UTRAN 401. In Figure 4a, E-UTRAN returns an RRCConnectionReestablishment message in S42, and the UE responds with RRCConnectionReestablishmentComplete in S43. The connection re-establishment is thus successful. If the E-UTRAN has to reject the re-establishment, an RRCConnectionReestablishmentReject is returned in S44 to the UE upon receiving the request in S41, as illustrated in Figure 4b. Figures 4a and 4b show the interaction between the UE 403 and the E-UTRAN 401. However, in the case described above with a DeNB and a RN, Figures 4a and 4b may be interpreted as an illustration of the signaling between an RN and its DeNB during an RRC connection re-establishment procedure. The UE 403 may thus be replaced by the RN, and the E-UTRAN 401 by the DeNB.
  • An RRC connection re-establishment request only succeeds if the cell (denoted E-UTRAN in the figures) is prepared for it, meaning that it has a valid UE context for the UE trying to re-establish its RRC connection. This means that the cell knows the DRB configuration of the UE trying to perform an RRC re-establishment. After successful completion of the RRC connection re-establishment procedure, all DRBs are suspended. To resume the DRBs, an RRC connection reconfiguration is sent as illustrated in Figure 5. The connection reconfiguration procedure starts when the E-UTRAN 501 sends an RRCConnectionReconfiguration in S51 to the UE 503. The UE replies with an RRCConnectionReconfigurationComplete in S52. Figure 5 shows the interaction between the UE 503 and the E-UTRAN 501. However, in the case of an RN connecting to a DeNB, Figure 5 may be interpreted as an illustration of the signaling between the RN and the DeNB during the RRC connection reconfiguration. The UE 503 may thus be replaced by the RN, and the E-UTRAN 501 by the DeNB. There is also a failure case of the RRC connection reconfiguration, not illustrated here, which is applicable if the UE or RN is unable to comply with the configuration.
  • According to one embodiment, the indication of integrity protection is included per DRB, within the RRCConnectionReconfiguration message in S51. However, other connection reconfiguration messages may be envisaged, as long as it is a reconfiguration message that follows upon a connection re-establishment, with the purpose of resuming the DRBs after a suspension due to the re-establishment. The indication of integrity protection allows enabling integrity protection for the DRB, if previously disabled; disabling integrity protection for the DRB, if previously enabled; and keeping integrity protection enabled or disabled, as before the re-establishment and the reconfiguration. The procedure for changing the integrity protection at reestablishment may be the same for all scenarios described above.
  • Figure 6 is a flowchart of a method in the sending node of a wireless communications system for supporting enabling and disabling of integrity protection of one or more DRBs between the sending node and a receiving node. In embodiments, the sending node may be a radio base station, and the receiving node may be a RN or a UE.
  • The method comprises, following a successful connection re-establishment between the sending node and the receiving node:
    • 610: Transmitting a connection reconfiguration message to the receiving node. The connection reconfiguration message comprises an indicator indicating which ones of the DRBs that shall have enabled integrity protection.
  • The transmitted connection reconfiguration message is in one embodiment an RRC connection reconfiguration message following an RRC connection reestablishment. However, other messages for reconfiguring the connection may be envisaged in alternative embodiments. Integrity protection comprises in one embodiment:
    • Adding an integrity protection checksum to a transmitted packet.
    • Verifying an integrity protection checksum in a received packet.
    • Discarding the received packet when the verification of the integrity protection checksum fails.
  • The verification of the integrity protection checksum comprises calculating an authentication code for integrity based on some input parameters and comparing it with the checksum received in the packet. If they correspond to each other, the verification is successful.
  • Figure 7 is a flowchart of a method in a receiving node of a wireless communications system for enabling and disabling integrity protection of one or more DRBs between a sending node and the receiving node. In embodiments, the sending node may be a radio base station, and the receiving node may be a RN or a UE. The method comprises, following a successful connection re-establishment between the sending node and the receiving node:
    • 710: Receiving a connection reconfiguration message from the sending node. The connection reconfiguration message comprises an indicator indicating which ones of the DRBs that shall have enabled integrity protection.
    • 720: Enabling integrity protection of packets on the DRBs indicated by the indicator. The packets transmitted on the indicated DRBs will thus now be integrity protected, regardless of if they were integrity protected before the connection reestablishment or not.
    • 730: Disabling integrity protection of packets on the rest of the DRBs. No integrity protection will be used on the DRBs that were not indicated to have enabled integrity protection, regardless of if they were integrity protected before the connection re-establishment or not.
  • The received connection reconfiguration message is in one embodiment an RRC connection reconfiguration message following an RRC connection reestablishment. However, other messages for reconfiguring the connection may be envisaged in alternative embodiments. Integrity protection comprises in one embodiment:
    • Adding an integrity protection checksum to a transmitted packet.
    • Verifying an integrity protection checksum in a received packet.
    • Discarding the received packet when the verification of the integrity protection checksum fails.
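  • Added example (not part of the patent text): a Python model of the receiver behaviour described above, combining the implicit overflow-counter tracking from the background section with steps 710-730. The class and function names, the one-byte header, the 4-byte checksum and the truncated HMAC-SHA256 standing in for the integrity algorithm are all assumptions of this sketch.

```python
import hashlib
import hmac

SN_BITS = 7              # short PDCP SN length named on the page (7 or 12 bits)
SN_MOD = 1 << SN_BITS
MAC_LEN = 4              # checksum length assumed for this sketch


def checksum(key, count, drb_id, payload):
    # Stand-in integrity algorithm (truncated HMAC-SHA256), not the 3GPP one.
    # The full COUNT is an input, so identical payloads get different checksums.
    msg = count.to_bytes(4, "big") + bytes([drb_id]) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class BearerEnd:
    """One end of one DRB. Only the SN travels; the overflow counter is local."""

    def __init__(self, drb_id, key, protected):
        self.drb_id, self.key, self.protected = drb_id, key, protected
        self.hfn = 0       # overflow counter / hyper frame number
        self.next_sn = 0   # next SN to send, or next SN expected

    def _advance(self, hfn, sn):
        self.next_sn = (sn + 1) % SN_MOD
        self.hfn = hfn + 1 if self.next_sn == 0 else hfn

    def send(self, payload):
        sn = self.next_sn
        pdu = bytes([sn]) + payload
        if self.protected:
            count = (self.hfn << SN_BITS) | sn
            pdu += checksum(self.key, count, self.drb_id, payload)
        self._advance(self.hfn, sn)
        return pdu

    def receive(self, pdu):
        """Return the payload, or None when the packet is discarded."""
        if not pdu:
            return None
        sn, body = pdu[0] & (SN_MOD - 1), pdu[1:]
        # An SN below the expected one is read as a wrap-around of the PDCP SN.
        hfn = self.hfn + 1 if sn < self.next_sn else self.hfn
        if self.protected:
            # Whether to verify comes from configured state, never from the PDU.
            if len(body) < MAC_LEN:
                return None
            body, tag = body[:-MAC_LEN], body[-MAC_LEN:]
            count = (hfn << SN_BITS) | sn
            expected = checksum(self.key, count, self.drb_id, body)
            if not hmac.compare_digest(tag, expected):
                return None
        self._advance(hfn, sn)
        return body


def apply_reconfiguration(bearers, indicated_drbs):
    """Steps 720 and 730: enable on the indicated DRBs, disable on the rest."""
    for drb_id, bearer in bearers.items():
        bearer.protected = drb_id in indicated_drbs


def demo():
    key = b"constructed-demo-key"   # constructed sample key
    tx = {1: BearerEnd(1, key, True), 2: BearerEnd(2, key, False)}
    rx = {1: BearerEnd(1, key, True), 2: BearerEnd(2, key, False)}
    out = {}

    # 300 identical payloads cross two SN wrap-arounds and all verify.
    pdus = [tx[1].send(b"same") for _ in range(300)]
    out["delivered"] = sum(rx[1].receive(p) == b"same" for p in pdus)
    # Same SN on the air, different overflow counter, different checksum.
    out["same_sn_new_checksum"] = (
        pdus[0][0] == pdus[SN_MOD][0] and pdus[0][1:] != pdus[SN_MOD][1:])

    # A modified payload, or a PDU with its checksum cut off, is discarded.
    bad = bytearray(tx[1].send(b"pay 10"))
    bad[3] ^= 0x01
    out["tampered"] = rx[1].receive(bytes(bad))
    out["stripped"] = rx[1].receive(tx[1].send(b"hello world")[:-MAC_LEN])

    # Scenario 1: a full SN cycle of losses leaves the receiver's overflow
    # counter one behind, so every later packet fails verification.
    for _ in range(SN_MOD):
        tx[1].send(b"lost")
    out["after_desync"] = [rx[1].receive(tx[1].send(b"x")) for _ in range(3)]

    # After re-establishment, the first reconfiguration indicates DRB 2 only:
    # protection goes off on DRB 1 and on for DRB 2, at both ends.
    for end in (tx, rx):
        apply_reconfiguration(end, indicated_drbs={2})
    out["drb1_resumed"] = rx[1].receive(tx[1].send(b"x"))
    out["drb2_ok"] = rx[2].receive(tx[2].send(b"y"))
    bad = bytearray(tx[2].send(b"z"))
    bad[1] ^= 0x01
    out["drb2_tampered"] = rx[2].receive(bytes(bad))
    return out


if __name__ == "__main__":
    print(demo())
```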
  • A sending node 800 and a receiving node 850 for a wireless communications system are schematically illustrated in the block diagram in Figure 8a according to embodiments. In embodiments, the receiving node may be a RN or a UE. In either case, the sending node may be a radio base station. The sending node 800 is configured to support enabling and disabling of integrity protection of one or more DRBs between the sending node and the receiving node 850. The sending node comprises a transmitter 801 configured to transmit a connection reconfiguration message to the receiving node following a successful connection re-establishment between the sending node and the receiving node. The connection reconfiguration message comprises an indicator indicating which ones of the DRBs that shall have enabled integrity protection. In Figure 8a, the transmitter 801 is connected to an antenna 803 via an antenna port. However, there may be more than one antenna and/or antenna ports.
  • In one embodiment, the transmitted connection reconfiguration message is an RRC connection reconfiguration message following an RRC connection reestablishment. Integrity protection comprises in one embodiment:
    • Adding an integrity protection checksum to a transmitted packet.
    • Verifying an integrity protection checksum in a received packet.
    • Discarding the received packet when the verification of the integrity protection checksum fails.
  • The receiving node 850 illustrated in Figure 8a is configured to enable and disable integrity protection of one or more DRBs between the sending node 800 and the receiving node. The receiving node comprises a receiver 851 configured to receive a connection reconfiguration message from the sending node following a successful connection re-establishment between the sending node and the receiving node. The connection reconfiguration message comprises an indicator indicating which ones of the DRBs that shall have enabled integrity protection. The receiver 851 is connected to an antenna 853 via an antenna port. However, there may be more than one antenna and/or antenna ports.
  • The receiving node also comprises a processing unit 852 configured to enable integrity protection of packets on the DRBs indicated by the indicator, and to disable integrity protection of packets on the rest of the DRBs. The received connection reconfiguration message is in one embodiment an RRC connection reconfiguration message following an RRC connection re-establishment. Integrity protection comprises in one embodiment:
    • Adding an integrity protection checksum to a transmitted packet.
    • Verifying an integrity protection checksum in a received packet.
    • Discarding the received packet when the verification of the integrity protection checksum fails.
  • The units described above with reference to Figure 8a may be logical units, separate physical units or a mixture of both logical and physical units.
  • Figure 8b schematically illustrates an embodiment of the receiving node 850, which is an alternative way of disclosing the embodiment illustrated in Figure 8a. The receiving node 850 comprises a receiver 851 connected to an antenna 853 via an antenna port, as already described above with reference to Figure 8a. The receiving node 850 also comprises a Central Processing Unit (CPU) 855 which may be a single unit or a plurality of units. Furthermore, the receiving node 850 comprises at least one computer program product 856 in the form of a non-volatile memory, e.g. an EEPROM (Electrically Erasable Programmable Read-Only Memory), a flash memory or a disk drive. The computer program product 856 comprises a computer program 857, which comprises code means which when run on the receiving node 850 causes the CPU 855 on the receiving node 850 to perform steps of the procedure described earlier in conjunction with Figure 7.
  • Hence in the embodiment described, the code means in the computer program 857 of the receiving node 850 comprises a module 857a for enabling integrity protection of packets on the DRB indicated by the indicator received in the connection reconfiguration message, and a module 857b for disabling integrity protection on the rest of the DRBs. The code means may thus be implemented as computer program code structured in computer program modules. The modules 857a and 857b essentially perform the steps 720 and 730 of the flow in Figure 7 to emulate the receiving node 850 described in Figure 8a. In other words, when the modules 857a and 857b are run on the CPU 855, they correspond to the processing unit 852 of Figure 8a.
  • Although the code means in the embodiment disclosed above in conjunction with Figure 8b are implemented as computer program modules, they may in alternative embodiments be implemented at least partly as hardware circuits.
  • Although the description above contains many specifics, they should not be construed as limiting but as merely providing illustrations of some presently preferred embodiments. The technology fully encompasses other embodiments which may become apparent to those skilled in the art. Reference to an element in the singular is not intended to mean "one and only one" unless explicitly so stated, but rather "one or more." All structural and functional equivalents to the elements of the above-described embodiments that are known to those of ordinary skill in the art are intended to be encompassed hereby. Moreover, it is not necessary for a device or method to address each and every problem sought to be solved by the described technology for it to be encompassed hereby.
  • The description sets forth specific details, such as particular embodiments for purposes of explanation and not limitation. However, it will be appreciated by one skilled in the art that other embodiments may be employed apart from these specific details. In some instances, detailed descriptions of well known methods, interfaces, circuits, and devices are omitted so as not to obscure the description with unnecessary detail. Individual blocks are shown in the figures corresponding to various nodes. Those skilled in the art will appreciate that the functions of those blocks may be implemented using individual hardware circuits, and/or using software programs and data, in conjunction with a suitably programmed digital microprocessor or general purpose computer. Nodes that communicate using the air interface also have suitable radio communications circuitry. It will be recognized that various actions may be performed by specialized circuits (e.g., analog and/or discrete logic gates interconnected to perform a specialized function), by one or more processors programmed with a suitable set of instructions, or by a combination of both. The term "circuitry configured to" perform one or more described actions is used herein to refer to any such embodiment (i.e., one or more specialized circuits and/or one or more programmed processors). Moreover, the technology can additionally be considered to be embodied entirely within any form of computer-readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.

Claims (21)

  1. A method in a sending node (800) of a wireless communications system for supporting enabling and disabling of integrity protection of at least one data radio bearer between the sending node and a receiving node (850), the method comprising, following a successful connection re-establishment between the sending node and the receiving node:
    - transmitting (610) a connection reconfiguration message to the receiving node (850), characterized in that the connection reconfiguration message comprising an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  2. The method according to claim 1, wherein the transmitted connection reconfiguration message is a Radio Resource Control, RRC, connection reconfiguration message following an RRC connection re-establishment.
  3. The method according to any of the preceding claims, wherein integrity protection comprises:
    - adding an integrity protection checksum to a transmitted packet,
    - verifying an integrity protection checksum in a received packet, and
    - discarding the received packet when the verification of the integrity protection checksum fails.
  4. The method according to any of the preceding claims, wherein the receiving node is a relay node.
  5. The method according to any of claims 1-3, wherein the receiving node is a user equipment.
  6. The method according to any of the preceding claims, wherein the sending node is a radio base station.
  7. A method in a receiving node (850) of a wireless communications system for enabling and disabling integrity protection of at least one data radio bearer between a sending node (800) and the receiving node, the method comprising, following a successful connection re-establishment between the sending node and the receiving node:
    - receiving (710) a connection reconfiguration message from the sending node, characterized in that the connection reconfiguration message comprising an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection,
    - enabling (720) integrity protection of packets on the at least one data radio bearer indicated by the indicator, and
    - disabling (730) integrity protection of packets on the rest of the at least one data radio bearers.
  8. The method according to claim 7, wherein the received connection reconfiguration message is a Radio Resource Control, RRC, connection reconfiguration message following an RRC connection re-establishment.
  9. The method according to any of claims 7-8, wherein integrity protection comprises:
    - adding an integrity protection checksum to a transmitted packet,
    - verifying an integrity protection checksum in a received packet, and
    - discarding the received packet when the verification of the integrity protection checksum fails.
  10. The method according to any of claims 7-9, wherein the receiving node is a relay node.
  11. The method according to any of claims 7-9, wherein the receiving node is a user equipment.
  12. The method according to any of claims 7-11, wherein the sending node is a radio base station.
  13. A sending node (800) for a wireless communications system, configured to support enabling and disabling of integrity protection of at least one data radio bearer between the sending node and a receiving node (850), the sending node comprising a transmitter (801) configured to transmit a connection reconfiguration message to the receiving node following a successful connection re-establishment between the sending node and the receiving node, characterized in that the connection reconfiguration message comprising an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection.
  14. The sending node according to claim 13, wherein the transmitted connection reconfiguration message is a Radio Resource Control, RRC, connection reconfiguration message following an RRC connection re-establishment.
  15. The sending node according to any of claims 13-14, wherein integrity protection comprises:
    - adding an integrity protection checksum to a transmitted packet,
    - verifying an integrity protection checksum in a received packet, and
    - discarding the received packet when the verification of the integrity protection checksum fails.
  16. The sending node according to any of claims 13-15, wherein the sending node is a radio base station.
  17. A receiving node (850) for a wireless communications system, configured to enable and disable integrity protection of at least one data radio bearer between a sending node (800) and the receiving node, the receiving node comprising:
    - a receiver (851) configured to receive a connection reconfiguration message from the sending node following a successful connection re-establishment between the sending node and the receiving node, characterized in that the connection reconfiguration message comprising an indicator indicating which ones of the at least one data radio bearers that shall have enabled integrity protection, and
    - a processing unit (852) configured to enable integrity protection of packets on the at least one data radio bearer indicated by the indicator, and to disable integrity protection of packets on the rest of the at least one data radio bearers.
  18. The receiving node according to claim 17, wherein the received connection reconfiguration message is a Radio Resource Control, RRC, connection reconfiguration message following an RRC connection re-establishment.
  19. The receiving node according to any of claims 17-18, wherein integrity protection comprises:
    - adding an integrity protection checksum to a transmitted packet,
    - verifying an integrity protection checksum in a received packet, and
    - discarding the received packet when the verification of the integrity protection checksum fails.
  20. The receiving node according to any of claims 17-19, wherein the receiving node is a relay node.
  21. The receiving node according to any of claims 17-19, wherein the receiving node is a user equipment.
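
The per-bearer behaviour recited in claims 13-21, sketched as an added example that is not part of the patent text: a node applies the indicator from a connection reconfiguration message, then adds, verifies and discards on a per-bearer basis. The message field name `integrity_protected_drbs`, the `Node` class and the 4-byte truncated HMAC-SHA256 checksum are assumptions made for illustration; the claims do not name an algorithm or an encoding.

```python
import hashlib
import hmac

MAC_LEN = 4  # assumed checksum length in bytes (not stated in the claims)


def checksum(key: bytes, drb_id: int, payload: bytes) -> bytes:
    """Keyed checksum bound to the bearer it was computed for (HMAC stand-in)."""
    return hmac.new(key, bytes([drb_id]) + payload, hashlib.sha256).digest()[:MAC_LEN]


class Node:
    """Hypothetical sending or receiving node holding per-bearer protection state."""

    def __init__(self, key: bytes, drb_ids):
        self.key = key
        self.protected = {drb: False for drb in drb_ids}
        self.discarded = 0

    def apply_reconfiguration(self, message: dict) -> None:
        """Enable protection on the indicated bearers and disable it on the rest."""
        indicated = set(message["integrity_protected_drbs"])
        unknown = indicated - set(self.protected)
        if unknown:
            # Reject the whole message rather than apply a partial configuration.
            raise ValueError(f"indicator names unknown bearers: {sorted(unknown)}")
        for drb in self.protected:
            self.protected[drb] = drb in indicated

    def send(self, drb_id: int, payload: bytes) -> bytes:
        """Append the checksum only when the bearer is protected."""
        if self.protected[drb_id]:
            return payload + checksum(self.key, drb_id, payload)
        return payload

    def receive(self, drb_id: int, packet: bytes):
        """Return the payload, or None when the packet is discarded."""
        if not self.protected[drb_id]:
            return packet  # unprotected bearer: nothing to verify
        if len(packet) < MAC_LEN:
            self.discarded += 1
            return None
        payload, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        if not hmac.compare_digest(tag, checksum(self.key, drb_id, payload)):
            self.discarded += 1
            return None
        return payload


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    base_station, relay = Node(key, [1, 2, 3]), Node(key, [1, 2, 3])
    reconfig = {"integrity_protected_drbs": [1, 3]}  # constructed message
    base_station.apply_reconfiguration(reconfig)
    relay.apply_reconfiguration(reconfig)
    pkt = base_station.send(1, b"signalling")
    print(relay.receive(1, pkt))             # verified payload
    print(relay.receive(1, b"X" + pkt[1:]))  # modified in transit: discarded
    print(relay.receive(2, b"bulk data"))    # bearer 2 passes unverified
```

Both ends must apply the same indicator: a packet sent unprotected on a bearer the receiver treats as protected fails verification and is discarded.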
EP11799199.2A 2010-12-10 2011-09-16 Enabling and disabling integrity protection for data radio bearers Active EP2649740B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PL11799199T PL2649740T3 (en) 2010-12-10 2011-09-16 Enabling and disabling integrity protection for data radio bearers

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US42180610P 2010-12-10 2010-12-10
PCT/SE2011/051115 WO2012078092A2 (en) 2010-12-10 2011-09-16 Enabling and disabling integrity protection for data radio bearers

Publications (2)

Publication Number Publication Date
EP2649740A2 EP2649740A2 (en) 2013-10-16
EP2649740B1 true EP2649740B1 (en) 2014-12-17

Family

ID=45373818

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11799199.2A Active EP2649740B1 (en) 2010-12-10 2011-09-16 Enabling and disabling integrity protection for data radio bearers

Country Status (10)

Country Link
US (1) US9294232B2 (en)
EP (1) EP2649740B1 (en)
CN (1) CN103314548B (en)
AR (1) AR084227A1 (en)
BR (1) BR112013014467A2 (en)
DK (1) DK2649740T3 (en)
ES (1) ES2530961T3 (en)
PL (1) PL2649740T3 (en)
WO (1) WO2012078092A2 (en)
ZA (1) ZA201304200B (en)

Also Published As

Publication number Publication date
CN103314548A (en) 2013-09-18
ZA201304200B (en) 2014-10-29
ES2530961T3 (en) 2015-03-09
WO2012078092A3 (en) 2012-08-02
DK2649740T3 (en) 2015-03-23
AR084227A1 (en) 2013-05-02
US20120307709A1 (en) 2012-12-06
CN103314548B (en) 2016-05-04
US9294232B2 (en) 2016-03-22
BR112013014467A2 (en) 2016-09-13
PL2649740T3 (en) 2015-06-30
WO2012078092A2 (en) 2012-06-14
EP2649740A2 (en) 2013-10-16

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20130617

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20140708

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 702520

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150115

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602011012423

Country of ref document: DE

Effective date: 20150212

REG Reference to a national code

Ref country code: NL

Ref legal event code: T3

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2530961

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20150309

REG Reference to a national code

Ref country code: DK

Ref legal event code: T3

Effective date: 20150319

REG Reference to a national code

Ref country code: SE

Ref legal event code: TRGR

RAP2 Party data changed (patent owner data changed or rights of a patent transferred)

Owner name: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150317

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150318

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 702520

Country of ref document: AT

Kind code of ref document: T

Effective date: 20141217

REG Reference to a national code

Ref country code: PL

Ref legal event code: T3

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150417

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602011012423

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20150918

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150916

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150930

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20150930

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 6

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20110916

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 7

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 8

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20141217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CZ

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190916

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20190930

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190930

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20220629

Year of fee payment: 12

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20220926

Year of fee payment: 12

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20221003

Year of fee payment: 12

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230523

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20230921

Year of fee payment: 13

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20230927

Year of fee payment: 13

Ref country code: PL

Payment date: 20230831

Year of fee payment: 13

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602011012423

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230930

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20240403

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IE

Payment date: 20240927

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DK

Payment date: 20240925

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20240927

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20240926

Year of fee payment: 14